Coinbase.com 无效的签名

huangapple go评论94阅读模式
英文:

Coinbase.com invalid signature

问题

我搜索了其他帖子,因为我不是唯一一个遇到签名问题的人。我尝试了几种语言,但问题始终存在。

我在coinbase.com的API身份验证中做错了什么:

# 通常我从https://api.coinbase.com/v2/time获取时间戳
TIMESTAMP=$(date +%s)
SIG=$(echo -n "${TIMESTAMP}GET/v2/accounts" | hmac256 --stdkey $COINBASE_SECRET)

curl https://api.coinbase.com/v2/accounts \
  --header "CB-ACCESS-KEY: $COINBASE_KEY" \
  --header "CB-ACCESS-SIGN: $SIG" \
  --header "CB-ACCESS-TIMESTAMP: $TIMESTAMP" \
  --header "CB-VERSION: 2016-03-08"

在Go语言中,我尝试做类似的事情:

nonce := strconv.FormatInt(int64(time.Data.Epoch), 10)
message := nonce + req.Method + endpoint // endpoint "/v2/accounts"
req.Header.Set("CB-ACCESS-KEY", a.Key)
h := hmac.New(sha256.New, []byte(a.Secret))
h.Write([]byte(message))

signature := hex.EncodeToString(h.Sum(nil))

req.Header.Set("CB-ACCESS-SIGN", signature)
req.Header.Set("CB-ACCESS-TIMESTAMP", nonce)
req.Header.Set("CB-VERSION", "2016-03-08")

此外,似乎不再支持沙盒,因为api.sandbox.coinbase.com不可用了?!

祝好!

英文:

I searched the other posts since I am not the only person with signature issues. I tried it with couple of languages and I always have the same problem.

What am I doing wrong with the API authentication with coinbase.com:

# normally I fetch the timestamp from https://api.coinbase.com/v2/time
TIMESTAMP=$(date +%s)
SIG=$(echo -n "${TIMESTAMP}GET/v2/accounts" | hmac256 --stdkey $COINBASE_SECRET)

curl https://api.coinbase.com/v2/accounts \
  --header "CB-ACCESS-KEY: $COINBASE_KEY" \
  --header "CB-ACCESS-SIGN: $SIG" \
  --header "CB-ACCESS-TIMESTAMP: $TIMESTAMP" \
  --header "CB-VERSION: 2016-03-08"

In go I am trying to do something like:

nonce := strconv.FormatInt(int64(time.Data.Epoch), 10)
message := nonce + req.Method + endpoint // endpoint "/v2/accounts"
req.Header.Set("CB-ACCESS-KEY", a.Key)
h := hmac.New(sha256.New, []byte(a.Secret))
h.Write([]byte(message))

signature := hex.EncodeToString(h.Sum(nil))

req.Header.Set("CB-ACCESS-SIGN", signature)
req.Header.Set("CB-ACCESS-TIMESTAMP", nonce)
req.Header.Set("CB-VERSION", "2016-03-08")

Also it seams that the sandbox is no longer supported since api.sandbox.coinbase.com is unavailable?!

Kind regards

答案1

得分: 1

对于bash/curl,问题出在我使用的hmac工具与echo命令一起使用。以下是我在curl请求中使用的解决方法:

SIG=$(echo -n "${TIMESTAMP}GET/v2/accounts" | openssl dgst -sha256 -hmac "$COINBASE_SECRET" |cut -d' ' -f2);

至于golang,我比较了哈希值,并得出结论,我正在使用的当前库存在问题。

我自己编写了一个库(https://github.com/Zauberstuhl/go-coinbase),现在它运行得很好。
我做的与上面相同,只是在最终编码时使用了Sprintf,但应该是一样的。

无论如何,谢谢!

英文:

For bash/curl the issue was the hmac tool I used with echo. Following worked for me with curl requests:

SIG=$(echo -n "${TIMESTAMP}GET/v2/accounts" | openssl dgst -sha256 -hmac "$COINBASE_SECRET" |cut -d' ' -f2);

In respect of golang I compared the hash sums and came to the conclusion that something is fishy with the current library I am using.

I wrote a library on my own (https://github.com/Zauberstuhl/go-coinbase) and now it works like a charm.
I am doing the same like above except I am using Sprintf for the final encoding but that should be the same.

Thanks anyway!

huangapple
  • 本文由 发表于 2017年1月23日 23:10:26
  • 转载请务必保留本文链接:https://go.coder-hub.com/41809503.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定